Release of Invalid Pointer or Reference

CVE-2024-25079

High

7.4/10

Summary

A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: LOW

CWE-763 - Release of Invalid Pointer or Reference

The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.

References

Advisory Timeline

Published May 15, 2024

Release of Invalid Pointer or Reference

CVE-2024-25079

Summary

CWE-763 - Release of Invalid Pointer or Reference

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS